Strengthening internal audit’s impact and influence

Nine ways to respond to stakeholder’s needs

How can your internal audit function meet stakeholders’ needs to deliver not only assurance, but also to advise and anticipate risk? We’ve outlined nine proven ways to increase the impact and influence of internal audit.

Explore content

Effectively responding to stakeholder needs

Results from our 2016 Global Chief Audit Executive Survey showed that only 28 percent of chief audit executives (CAEs) believe their functions have strong impact and influence in their organizations. And 16 percent felt that internal audit had little to no impact at all.

So we’ve identified nine proven ways CAEs can effectively respond to stakeholders’ needs. And in doing so, increase internal audit’s impact and influence. These aren’t quick fixes or magical solutions. They require effort and commitment. But they work.

Develop and launch a brand identity. Your brand is simply what you’re known for. In your organization, what comes to mind when people hear the words “internal audit?” Do they think of an innovative, value-adding team of advisors—or something else? To change their thinking, change your brand.

Link advisory activities to assurance work. If you’d like to provide more advisory services, you might start with addressing senior management’s goals and the strategies for reaching them. But that may seem overwhelming, especially if you’re new to advisory services or feel mired in assurance activities. Although you should always seek to understand management’s goals and strategies, there are other entry points to advisory services.

Provide cyber assurance services. As you’ve no doubt heard, it’s not a matter of if your organization will experience a cyberattack—it’s when. Cyber risks are therefore at the top of board and audit committee agendas. And they’ll likely remain there.Learn more about Cybersecurity and the role of Internal Audit.

Audit the end-to-end risk management function. As the third line of defense in risk management, internal audit has a crucial role in providing assurance on the effectiveness of risk management activities performed by the first and second lines of defense. Fragmented, siloed risk management creates costs, gaps, and redundancies, and can expose organizations to unanticipated risk consequences.

Review the strategic planning process. In many organizations, internal audit will be prompting the audit committee to ensure that the board is fully engaged in strategic planning. It’s a key governance and oversight issue, particularly with regard to the data that management relies upon, the models planners use, and the assumptions management makes.

Adopt analytics. Internal audit can leverage analytics capabilities across the business to the benefit of virtually every area of the organization. Analytics leads directly to cost savings through more targeted, effective, and efficient audits. It also frees up time for the advisory activities that it enables.Learn more about internal audit analytics and the journey to 2020.

Contemporize internal audit reporting. A lot of internal audit’s work goes unnoticed due to outdated approaches to reporting. The right reporting enhancements will get that work noticed and give stakeholders vivid evidence of change in internal audit.

Enhance skills and capabilities. We often see skill deficits or shortages as a root cause of internal audit’s limited impact and influence. Given organizations’ evolving needs, internal audit’s skills must evolve for the function to remain relevant.

Heighten personal impact. Your personal impact as an internal audit leader will set the tone and impact stakeholders’ perceptions of the function. And impact and influence don’t just come from acquiring technical skills. They also result from strong communication, collaboration, leadership, and other interpersonal skills.

The path to greater impact

Impact and influence accrue over time with each improved process, reduced cost, and better-managed risk. Focusing on the areas listed above sets internal audit on a journey up the value chain. Along the way, compliance becomes more efficient; reporting more relevant; and advisory more credible, useful, and supportive.

We’ve repeatedly seen that when internal audit dedicates its best efforts to what matters most, its impact and influence are inevitably enhanced. So align your vision for internal audit with the strategic vision of the organization, your resources with stakeholders’ needs, and your professional approach with stakeholders’ ways of working.

Get in touch

Partner | Deloitte Risk and Financial Advisory

As a partner with Deloitte & Touche LLP, Sandy leads the US Internal Audit practice. She works with CEOs, chief risk officers, chief audit executives, and compliance officers to help develop company-s... More

Principal | Deloitte Risk and Financial Advisory

As a principal in Deloitte & Touche LLP’s Internal Audit and Assurance practice, and a national leader in the Deloitte Analytics practice, Neil provides risk and analytic services across a full range ... More

Managing Director | Internal Audit

Sarah is a managing director at Deloitte & Touche LLP and the global leader of Deloitte's IT Internal Audit practice with more than 25 years of audit, technology, operations, and IT risk and controls ... More

Global Operational Risk and Internal Audit Leader

Terry is a partner in the Deloitte Canada Risk Advisory practice. He is the Global Operational Risk Leader and is also Deloitte’s Global Internal Audit leader. With over 25 years of experience, he hel... More

Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by guarantee ("DTTL"), its network of member firms, and their related entities. DTTL and each of its member firms are legally separate and independent entities. DTTL (also referred to as "Deloitte Global") does not provide services to clients. In the United States, Deloitte refers to one or more of the US member firms of DTTL, their related entities that operate using the "Deloitte" name in the United States and their respective affiliates. Certain services may not be available to attest clients under the rules and regulations of public accounting. Please see www.deloitte.com/about to learn more about our global network of member firms.